Cross-site Scripting Vulnerability in WP Codeus Advanced Sermons Plugin
CVE-2024-29928

7.1HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
27 March 2024

What is CVE-2024-29928?

The WP Codeus Advanced Sermons plugin is vulnerable to a reflected cross-site scripting (XSS) issue. This vulnerability arises from improper input neutralization during web page generation. Attackers can exploit this flaw to inject malicious scripts into web pages that are viewed by users, potentially leading to unauthorized access or manipulation of user data. Versions of the Advanced Sermons plugin from its initial release up to version 3.1 are affected, making it crucial for administrators to apply security updates.

Affected Version(s)

Advanced Sermons <= 3.1

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.